Method and system for confidentially providing software components

US 9,542,537 B2
Filed: 10/14/2010
Issued: 01/10/2017
Est. Priority Date: 11/09/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method for confidentially providing a software component comprising:

(a) encrypting the software components symmetrically using a secret cryptographic key of a software component manufacturer;

(b) encrypting the secret cryptographic key symmetrically using a first cryptographic system key;

(c) transporting the encrypted software component and the encrypted secret cryptographic key by the software component manufacturer to a stored-program controller comprising an executor connected by a system bus to externally and separately located peripheral components for sensors and actuators;

(d) decrypting the transported encrypted secret cryptographic key symmetrically using a second cryptographic system key which is stored in firmware of the stored-program controller comprising the executor connected by the system bus to the externally and separately located peripheral components for sensors and actuators; and

(e) decrypting the transported encrypted software component symmetrically using the decrypted secret cryptographic key;

wherein the decrypted software component is provided for execution on the stored-program controller comprising the executor connected by the system bus to the externally and separately located peripheral components for sensors and actuators; and

wherein the first cryptographic system key and the second cryptographic system key are generated as a key pair by a manufacturer of the stored-program controller comprising the executor connected by the system bus to externally located peripheral components for sensors and actuators.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for confidentially providing a software component which is encrypted using a secret cryptographic key of a software component manufacturer, and the key is then encrypted using a first cryptographic system key, wherein the encrypted software component and the encrypted key are transported by the software component manufacturer to a destination system device. After decrypting the transported encrypted key using a second cryptographic system key, the transported encrypted software component is decrypted using the decrypted key, wherein the decrypted software component is provided for execution on the destination system device. The method can be used to protect source codes or object codes of a developed software component from access by a third party and still allows for processing using standard tools.

36 Citations

19 Claims

1. A method for confidentially providing a software component comprising:
- (a) encrypting the software components symmetrically using a secret cryptographic key of a software component manufacturer;
  
  (b) encrypting the secret cryptographic key symmetrically using a first cryptographic system key;
  
  (c) transporting the encrypted software component and the encrypted secret cryptographic key by the software component manufacturer to a stored-program controller comprising an executor connected by a system bus to externally and separately located peripheral components for sensors and actuators;
  
  (d) decrypting the transported encrypted secret cryptographic key symmetrically using a second cryptographic system key which is stored in firmware of the stored-program controller comprising the executor connected by the system bus to the externally and separately located peripheral components for sensors and actuators; and
  
  (e) decrypting the transported encrypted software component symmetrically using the decrypted secret cryptographic key;
  
  wherein the decrypted software component is provided for execution on the stored-program controller comprising the executor connected by the system bus to the externally and separately located peripheral components for sensors and actuators; and
  
  wherein the first cryptographic system key and the second cryptographic system key are generated as a key pair by a manufacturer of the stored-program controller comprising the executor connected by the system bus to externally located peripheral components for sensors and actuators.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as claimed in claim 1, wherein the first cryptographic system key and the second cryptographic system key are private cryptographic keys of a symmetric encryption method.
  - 3. The method as claimed in claim 2, wherein the second cryptographic system key is integrated in the stored program controller in a manipulation-proof manner.
  - 4. The method as claimed in claim 1, wherein, upon the encryption of the software component, a cryptographic checksum is generated and checked upon the decryption of the transported encrypted software component.
  - 5. The method as claimed in claim 4, wherein the cryptographic checksum comprises a message authentication code.
  - 6. The method as claimed in claim 4, wherein the cryptographic checksum comprises an electronic signature.
  - 7. The method as claimed in claim 1, wherein the encrypted software component and the encrypted key of the software component manufacturer are transported stored on a data carrier.
  - 8. The method as claimed in claim 1, wherein the encrypted software component and the encrypted key of the software component manufacturer are transported in data packets over a network.
  - 9. The method as claimed in claim 1, wherein the secret cryptographic key of the software component manufacturer is used to encrypt one of a software component and a plurality of software components simultaneously.

10. A system for confidentially providing software components for a user, comprising:
- at least one development device of a software component manufacturer on which a development tool is utilizable to produce software components which are each symmetrically encrypted by a secret cryptographic key of the software component manufacturer; and
  
  a stored-program controller comprising an executor connected by a system bus to externally and separately located peripheral components for sensors and actuators,the secret cryptographic key of the software component manufacturer being encrypted symmetrically by a first cryptographic system key and transported together with the symmetrically encrypted software component from the at least one development device to the stored-program controller, the stored-program controller being configured to initially utilize a second cryptographic system key which is stored in firmware of the stored-program controller to decrypt the transported encrypted key of the software component manufacture, and subsequently decrypt the transported encrypted software component symmetrically using the decrypted key of the software component manufacturer;
  
  wherein the decrypted software component is provided for execution on the stored-program controller comprising the executor connected by the system bus to the externally and separately located peripheral components for sensors and actuators; and
  
  wherein the first cryptographic system key and the second cryptographic system key are generated as a key pair by a manufacturer of the stored-program controller comprising the executor connected by the system bus to externally located peripheral components for sensors and actuators.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system as claimed in claim 10, wherein the second cryptographic system key is a private key generated by the manufacturer of the destination system device provided in the stored-program controller comprising the executor connected by the system bus to the externally and separately located peripheral components for sensors and actuators.
  - 12. The system as claimed in claim 10, wherein the development device of the software component manufacturer is connected over a network with the stored-program controller comprising the executor connected by the system bus to the externally and separately located peripheral components for sensors and actuators.
  - 13. The system as claimed in claim 11, wherein the development device of the software component manufacturer is connected over a network with the stored-program controller comprising the executor connected by the system bus to the externally and separately located peripheral components for sensors and actuators.
  - 14. The system as claimed in claim 10, wherein the software component comprises at least one program which is executable on the stored-program controller comprising the executor connected by the system bus to the externally and separately located peripheral components for sensors and actuators.

15. A destination system device comprising:
- a stored-program controller, comprising;
  
  a first decryptor which decrypts a transported encrypted key of a software component manufacturer symmetrically using a cryptographic system key which is stored in firmware of the stored-program controller;
  
  a second decryptor which decrypts a transported encrypted software component symmetrically using the transported key of the software component manufacturer decrypted by the first decryptor; and
  
  an executor connected by a system bus to externally and separately located peripheral components for sensors and actuators, said executor executing the software component decrypted by the second decryptor;
  
  wherein the cryptographic system key is generated with another cryptographic system key as a key pair by a manufacturer of the stored-program controller connected by the system bus to externally located peripheral components for sensors and actuators via the executor.
- View Dependent Claims (16, 17)
- - 16. The stored-program controller as claimed in claim 15, further comprising:
    - at least one interface which receives transported encrypted software components and encrypted keys of a software component manufacturer.
  - 17. The stored-program controller as claimed in claim 15, wherein the externally and separately located peripheral components for the sensors and actuators are connected by the bus to the executor.

18. A development device of a software component manufacturer, comprising:
- a first encryptor which encrypts a software component symmetrically using a secret cryptographic key of the software component manufacturer;
  
  a second encryptor which encrypts the secret cryptographic key of the software component manufacturer symmetrically using a first cryptographic system key; and
  
  an interface via which the symmetrically encrypted software component and the symmetrically encrypted secret cryptographic key are provided to a stored-program controller including a second cryptographic system key and comprising an executor connected by a system bus to externally and separately located peripheral components for sensors and actuators;
  
  wherein the first cryptographic system key and the second cryptographic system key are generated as a key pair by a manufacturer of the stored-program controller comprising the executor connected by the system bus to externally located peripheral components for sensors and actuators.
- View Dependent Claims (19)
- - 19. The development device as claimed in claim 18, wherein the first cryptographic system key and the second cryptographic system key are private cryptographic keys of a symmetric encryption method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Braun, Michael, Dichtl, Markus, Meyer, Bernd
Primary Examiner(s)
TURCHEN, JAMES R

Application Number

US13/508,712
Publication Number

US 20120321089A1
Time in Patent Office

2,280 Days
Field of Search

380/282
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2209/60   Digital content management,...

H04L 9/3247   involving digital signatures

Method and system for confidentially providing software components

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Method and system for confidentially providing software components

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others